May 3, 2016 – It has recently come to our attention that people are receiving phishing scam emails from BSB Bancorp Inc requesting payment is made on an invoice. Please note that BSB Bancorp Inc does not send out emails and this is a scam. Please read below to learn about ways you can protect yourself from these kinds of scams and more.
Keeping your information safe and secure is our top priority.
Belmont Savings Bank will never request personal financial information from you either online, by text, or through the telephone. Please be careful not to furnish your bank account number, debit or credit card information, social security number or date of birth to any unknown party.
If you receive any suspicious emails or telephone calls requesting this type of information, please contact the Bank immediately at 617-484-6700 or 617-993-1499 option 3.
If you need to report a lost or stolen card please call 1-800-472-3272, option #2, available 24/7.
Online Banking Security Tips
Q: Can anyone else see my accounts over the Internet?
A: BSB uses the latest technology to keep your account information secure. Security features exist at every level – from your PC, to the Internet, and over our secure network. The following features are offered for full security:
- Password protection
- Enhanced Login Security
- Lockout – Access is denied after the fifth consecutive invalid login
- Timeout – Account Access automatically logs off after a designated period of time
- Exit button – Exits Internet Bill Payment and Account Access
- Cache security – Ensures that no one can view a customer’s account information by accessing the cache file
- Encrypted URL – Ensures that any account information that appears in the URL is not readable
- SSL (Secure Sockets Layer) protocol – Allows for the transfer of digitally signed certificates for authentication procedures, and provides message integrity, ensuring that the data can’t be altered during a transaction. In SSL protocol, Web addresses usually start with “https” instead of “http”
Q: What can I do to maximize the security provided for my account?
A: The Online Banking service has several effective security techniques that we encourage you to implement when you use Online Banking:
- Never reveal your password to anyone or leave your password anywhere that someone else can obtain and use it.
- Change your password on a regular basis.
- Use the Exit button to end each Internet banking session. Do not use the Back button to exit the site.
- Change your session timeout in User Options to a time that meets your needs.
- Balance your account on a regular basis. Online Banking makes it easy!
For more information regarding safe internet banking, click on:
We’ve gotten phone calls from customers who are receiving a fraudulent automated phone call that are advising them their debit card has been compromised and asking them to enter their 16 digit card number. This is fraud – we would never contact you to ask for your debit card number. If we suspect that a debit card has been compromised, we will contact you, but not with an automated call and we would not ask you to give us your card number or any other financial information. Please be cautious and never give out your personal or financial information to an unsolicited phone call, email and/or text.
We’ve seen some spam emails that appear to be from BSB and are asking you to open and run an attached file. These emails are NOT from us. Belmont Savings Bank will NEVER send emails or texts asking you to download and run a file or submit your personal and/or financial information. Please do not open or run the file – it is spam.
The financial industry has recently encountered an increase in fraudulent wire transfer activity. Some instances of fraud activity have occurred via telephone and fax communications where the fraudster has forwarded an unsuspecting customer’s phone number to the fraudster’s phone number. The fraudster then calls in or faxes in wire transfer requests and when the financial institution calls to confirm the information, the fraudster is answering the call, not the customer.
To protect you, Belmont Savings Bank may request additional verification information from phone and fax wire transfer requests. To prevent a call forwarding service being set up on your phone number, contact your phone provider to find out how to have this service blocked or password protected.
U.S. Department of Justice data show that identity theft is the fastest growing crime in America. Identity theft occurs when someone uses your personal identifying information, like your name, Social Security number, or credit card number, without your permission, to commit fraud or other crimes and to get credit in your name. Because we are committed to your financial safety, we feel you need to know the latest info to keep yourself and your accounts safe.
How fraudsters obtain personal information:
- Dumpster Diving: Going through trash to find bills and papers with personal information on it.
- Phishing: Posing as financial institutions or companies like eBay or PayPal and sending spam or pop-up messages to get consumers to reveal personal information. It can also be in the form of text messages asking for your personal information, or to call a fake phone number or visit a fake website.
- Malware: Also known as ‘malicious software’, malware is designed to harm, attack or take unauthorized control over a computer system. Malware includes viruses, worms and Trojans. It’s important to know that Malware can include a combination of all three of the types noted.
- Pharming: Pharming takes place when you type in a valid Web address and you are illegally redirected to a Web site that is not legitimate. These ‘fake’ Web sites ask for personal information such as credit card numbers, bank account information, Social Security numbers and other sensitive information.
- Trojan: A Trojan is malicious code that is disguised or hidden within another program that appears to be safe (as in the myth of the Trojan horse). When the program is executed, the Trojan allows attackers to gain unauthorized access to the computer in order to steal information and cause harm. Trojans commonly spread through email attachments and Internet downloads. A common Trojan component is a “keystroke logger” which captures a user’s keystrokes in an attempt to capture the user’s credentials. It will then send those credentials to the attacker.
- Spoofing: Spoofing is when an attacker masquerades as someone else by providing false data. Phishing has become the most common form of Web page spoofing. Another form of spoofing is URL spoofing. This happens when an attacker exploits bugs in your Web browser in order to display incorrect URLs in your browser location bar. Another form of spoofing is called “man-in-the-middle”. This occurs when an attacker compromises the communication between you and another party on the Internet. Many firewalls can be updated or configured to significantly prevent this type of attack.
- Spyware: Loaded on to your computer unbeknownst to you, spyware is a type of program that watches what users do and forwards information to someone else. It is most often installed when you download free software on the Internet. Unfortunately hackers discovered this to be an effective means of sending sensitive information over the Internet. Moreover, they discovered that many free applications that use spyware for marketing purposes could be found on your machine, and attackers often use this existing spyware for their malicious means.
- Pop-Ups: A form of Web advertising that appears as a “pop-up” on a computer screen, pop-ups are intended to increase Web traffic or capture email addresses. However, sometimes pop-up ads are designed with malicious intent like when they appear as a request for personal information from a financial institution, for example.
- Virus: A computer virus is a malicious program that attaches itself to and infects other software applications and files without the user’s knowledge, disrupting computer operations. Viruses can carry what is known as a “payload,” executable scripts designed to damage, delete or steal information from a computer. A virus is a self-replicating program, meaning it copies itself. Typically, a virus only infects a computer and begins replicating when the user executes the program or opens an “infected” file. Viruses spread from computer to computer only when users unknowingly share “infected” files. For example, viruses are commonly spread when users send emails with infected documents attached.
- RetroVirus: This virus specifically targets your computer defenses. It will look for vulnerabilities within your computer operating system or any third party security software. Most security vendors have some form of tamper-proof measure in place, so it is important to keep your patches up-to-date. Retro Viruses are usually combined with another form of attack.
- Worm: A worm is similar to a virus but with an added, dangerous element. Like a virus, a worm can make copies of itself; however, a worm does not need to attach itself to other programs and it does not require a person to send it along to other computers. Worms are powerful malware programs because they cannot only copy themselves, they can also execute and spread themselves rapidly across a network without any help.
- Skimming: Stealing credit/debit card numbers by using a special storage device when processing your card.
- Property theft: Stealing wallets and purses; mail, including bank and credit card statements; preapproved credit offers; and new checks or tax information.
- Keep your PIN and passwords secret. Never let someone else enter your PIN for you.
- Shred documents with personal information before you discard them.
- Be suspicious of emails, texts, mail or phone calls that ask for your personal information, especially your financial information. If you suspect something might not be authentic, contact the company directly. Remember, Belmont Savings Bank will never send emails or texts asking you to submit your personal and/or financial information.
- Never click on links sent in unsolicited emails – fraudsters are very clever and can disguise links and even create websites that may look identical to websites you know. Type in the web addresses you know in a new browser.
- Don’t believe the hype. Many fraudulent emails send out urgent messages that claim your account will be closed if sensitive information isn’t immediately provided, or that important security needs to be updated online. Your financial institution will never use this method to alert you of an account problem.
- Never give out your email address or other sensitive or personal information to unknown web sites. If you don’t know the reputation of a Web site, don’t assume you can trust it. Many Web sites sell email addresses or may be careless with your personal information. Be wary of providing any information that can be used by others for fraudulent purposes.
- Don’t open attachments with odd filename extensions. Most computer files use filename extensions such as “.doc” for documents or “.jpg” for images. If a file has a double extension, like “heythere.doc.pif,” it is highly likely that this is a dangerous file and should never be opened. In addition, do not open email attachments that have file endings of .exe, .pif, or .vbs. These are filename extensions for executable files and could be dangerous if opened.
- Always ensure you’re using a secure website when submitting sensitive information over the Internet. To make sure you’re on a secure site, check the beginning of the web address – it should be https:// rather than http:// and it should have a lock in the bottom corner.
- Maintain up-to-date anti-virus, anti-spy ware, and firewalls on your computer.
- Regularly check your accounts and billing statements. Be suspicious of bills that don’t arrive as usual, unexpected bills or account statements, and calls or letters about purchases you did not make. Report any errors as soon as possible.
- Check your credit report annually. The consumer reporting companies are required to give you a free credit report each year if you request it. Visit www.annualcreditreport.com or call 1.877.322.8228 to order your free credit reports.
- Never have your Social Security number printed on your checks.
- When you write checks to pay on your credit card accounts, do not put the whole account number in the memo line. Only memo the last four digits – the company will know the rest of the numbers and anyone who handles your check won’t have access to your account number.
What to do if it happens to you:
- Report the fraudulent activity. If the activity is related to the Bank, please contact us directly as soon as possible..If it is related to another financial institution, your credit card company or any other organization, contact them directly.
- Contact one of the three credit reporting agencies and ask them to place a fraud alert on your reports. With an alert in place, any company checking your credit will know your information was stolen and they must contact you by phone to authorize new credit. Contact only one of the three, the other are required to contact the other two. The three credit reporting agencies and their phone numbers are:
- Equifax – 1.800.525.6285; www.equifax.com
- Experian – 1.888.397.3742; www.experian.com
- TransUnion – 1.800.680.7289; www.transunion.com
- Cancel lost cards immediately. Close accounts that have been tampered with. As a precaution, you may want to make photocopies of both sides of the contents of your wallet and keep the copies in a safe place. Should anything happen, you will have copies of your cards, complete with account numbers and contact information. You can also use the FTC Theft Affidavit (third party site disclaimer) http://www.ftc.gov/bcp/edu/resources/forms/affidavit.pdf
- If a fraudulent account was opened or charged without your permission, contact the fraud department of each company:
- Follow up in writing, with copies of supporting documents
- Ask for verification that the disputed account has been dealt with and the fraudulent debts discharged.
- Keep copies of documents and records of your conversations about the theft.
- Report fraud to the Social Security Administration (1.800.269.0271) and the Federal Trade Commission (1.877.IDTHEFT).
- File a police report – call or visit the local police or the police in the community where the identity theft took place. Have a copy of your FTC ID Theft complaint form available to give them. Obtain a copy of the police report and police report number.
- If the crime involves mail, you can report mail fraud to the U.S. Postal Inspection Service at 1.877.876.2455.
- Better Business Bureau – take the quiz and get tips on prevention
- Federal Trade Commission – guide to phishing
- Opt-Out Prescreen – register with credit bureaus to opt out of pre-approved credit offers
- Do-Not-Call Registry – add your name to the FTC’s Do-Not-Call Registry
- FTC Identity Theft Site – visit the FTC’s website for additional information regarding reporting Identity Theft https://www.identitytheft.gov/
Online Shopping Tips
- Shop with merchants you know and trust.
- Always use a credit card online.
- Make sure the transaction is secure – look for the padlock icon in your browser window frame and the “https://” in the URL when you go to the checkout page.
- Confirm the bottom line price, shipping schedule and return policy.
- Regularly check your accounts and billing statements. Be suspicious of bills that don’t arrive as usual, unexpected bills or account statements, and calls or letters about purchases you did not make.
Additional Privacy Policies for the Web Site
We ask that you do not send confidential information to us via e-mail. E-mail is not necessarily secure against interception. If your communication is very sensitive or includes personal information such as account numbers or a social security number, you should call us or send it by regular mail.
As we continue to improve our products and services, our commitment to customer confidentiality will remain a top priority.
If you have any questions concerning our customer information policy, please contact our Compliance Officer at 617-484-6700.